Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
Despite the millions of dollars companies invest in cybersecurity programs, advanced persistent attackers constantly devise new means of breaking into corporate environments. How can deception technology offer a new alternative? Ofer Israeli of Illusive Networks explains.
A new strain of the Petya ransomware called "Bad Rabbit" is impacting business and sweeping across Russia and Ukraine, among other Eastern European countries. Like many of the other ransomware outbreaks, understanding fact from fiction is the first step in staying safe.
An analysis of a massive 8.8 GB trove of files containing usernames and plaintext passwords suggests hundreds of services may have experienced unreported or undiscovered data breaches. Data breach expert Troy Hunt says the trove of 80 million records appears to contain fresh data.
Interest in deception technology is growing because it can play a valuable role in improving intrusion detection, says Anton Chuvakin of Gartner, who explains the intricacies of the emerging technology in an in-depth interview.
Punjab National Bank, which has been in the news for a $1.8 billion fraud incident, got more bad news when a security company revealed that payment card information for as many as 10,000 of the bank's customers has been for sale on the dark web. The two incidents do not appear to be related.
The U.S. Securities and Exchange Commission has released revised guidance "to assist public companies in preparing disclosures about cybersecurity risks and incidents." It includes new prohibitions on trading in corporate shares after a breach has been discovered but before investors have been notified.
Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to influence U.S. politics. Also, a feature in Australia's new real-time payment system could be abused by identity thieves.
Want to meddle with a democracy? Just use its social media outlets against it to amplify already existing social divisions. That's the quick take on the indictment recently unsealed by Special Counsel Robert Mueller that accuses Russians of running an "active measures" campaign against the United States.
After a U.S. indictment charged Russians with running a troll factory that interfered in U.S. elections, groups tracking online disinformation campaigns warn that Russian bots are now debating the school shooting in Parkland, Florida. The White House is facing questions over what it's doing to deter Moscow.
Australia's real-time payments platform, which launched last week, includes a feature designed to reduce fraud and erroneous payments. Ironically, the feature may also expose users to social engineering attacks.
Intel faces 32 lawsuits filed over the trio of flaws in its CPUs known as Meltdown and Spectre, seeking damages for the security vulnerabilities as well as alleged insider trading. The flaws have also been cited in lawsuits against chipmakers AMD and ARM, as well as against Apple.
Is U.S. computer crime justice draconian? That's one obvious question following England's Court of Appeal ruling that suspected hacker Lauri Love would not be extradited to the United States, in part, because they said the U.S. justice system could not be trusted to treat Love humanely.
Attackers recently snuck cryptomining code onto thousands of websites by inserting it into a third-party accessibility plug-in called Browsealoud. Web specifications designed to guard against these types of rogue actions by third-party code libraries already exist. Why aren't more sites using them?